Bumpy ride for mail servers from stock spam
For the last few days, massive spam attacks similar to those seen in May have been pushing e-mail systems to the limit, arriving in waves at short intervals of a few minutes to several hours. On Tuesday of last week, the operator of what appears to be a very large botnet began to send huge numbers of PDF files aimed at pushing certain stocks.
The graph shows the course of DNS queries to one of the NiX Spam blacklist servers over the last few days. The spam attack kicked off with a bang last Tuesday morning. Since then it has been continuing at short intervals with varying intensity, seen on the diagram as numerous peaks overlaying the "normal" daily pattern. A single perpetrator appears to be able to dominate e-mail traffic at a stroke and at will, especially at the weekend, when the number of non-spam e-mails is reduced.
Although the number of IP addresses used for the attack dropped significantly over the course of last week, the packaging of the spam changed: the traffic now includes ZIP files, which in turn contain stock spam in PDF form. The spam is also being distributed in part as Excel files. Whilst the number of botnet computers, and thus of IP addresses misused, was relatively low over the weekend, a renewed increase on Monday raises fears that the weekend activity may have been merely a dry run for the real thing.